CVE-2021-24084 was found by security researcher Abdelhamid Naceri, who reported it to Microsoft in October 2020 through Trend Micro's Zero Day Initiative. Microsoft told him the fix would ship in the April 2021 update. That update arrived, and Naceri's Windows installation was still vulnerable.
Microsoft then assured him the issue had not been forgotten and that a patch would be released in July. July came and went with no patch, so Naceri chose to describe the vulnerability publicly on his personal blog.
In case you are wondering: no, in the five months since then the patch has not appeared either, neither on its own nor as part of a monthly cumulative update. So the 0patch micropatch service has now chosen to supply its own fix for the problem.
To that end it has released an unofficial micropatch, one not linked to Microsoft, which will be free until Microsoft ships the official fix. If you want to use it, create a free account at 0patch Central, then install and register 0patch Agent from 0patch.com: "everything else will happen automatically and you will not need to restart the computer".
A more serious vulnerability than it seemed at first
Mitja Kolsek, co-founder of the service, explained that they too overlooked the vulnerability at first, because it was published as an information disclosure bug, a class that is usually not serious enough to merit 0patch's attention.
Kolsek's post on the 0patch blog points to another vulnerability, HiveNightmare / SeriousSAM, which showed that "arbitrary file disclosure can turn into local privilege escalation if [the attacker] knows what files to access and what to do with them." (In HiveNightmare the files in question were the SAM and SYSTEM registry hives, reachable through Volume Shadow Copies, which hold the password hashes of local accounts.)
In the vulnerability at hand, an unprivileged user triggers the creation of a .CAB file in C:\Windows\Temp\ by clicking "Export" under Settings > Accounts > Access work or school > Export your management log files. The export is performed with Local System privileges, so whatever files end up gathered into that archive become readable to the user who requested it. 0patch noted that turning this into privilege escalation requires two extra conditions: System Protection enabled on the C: drive with at least one restore point, and at least one enabled local account in the Administrators group (or cached credentials of one).
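The following PowerShell check is an added example, not code from the article, from Naceri or from 0patch. It reports whether a host is in the exposure window described above. Its assumptions: the affected builds are Windows 10 v1809 (build 17763) through v21H1 (build 19043), as 0patch listed at the time, and the two preconditions are the ones 0patch described; the function name is our own. Restore-point enumeration needs an elevated prompt.

```powershell
# Added example (not from the article or from 0patch): read-only exposure
# check for CVE-2021-24084. The build range and the two LPE preconditions
# are taken from 0patch's write-up and are assumptions of this script, not
# facts stated on the page. Run from an elevated PowerShell session.

function Test-Cve202124084Exposure {
    [CmdletBinding()]
    param()

    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber
    # ProductType 1 = workstation. Assumed affected range: 17763 (v1809) .. 19043 (v21H1).
    $affectedBuild = ($os.ProductType -eq 1) -and ($build -ge 17763) -and ($build -le 19043)

    # Precondition 1: System Protection with at least one restore point.
    $restorePoints = @()
    try {
        $restorePoints = @(Get-ComputerRestorePoint -ErrorAction Stop)
    } catch {
        Write-Warning "Could not enumerate restore points (elevation required): $_"
    }

    # Precondition 2: an enabled local user that is a member of Administrators.
    $enabledLocalAdmins = @(
        Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
            Where-Object { $_.PrincipalSource -eq 'Local' -and $_.ObjectClass -eq 'User' } |
            ForEach-Object { Get-LocalUser -SID $_.SID -ErrorAction SilentlyContinue } |
            Where-Object { $_.Enabled }
    )

    # Leftover export archives in C:\Windows\Temp are worth knowing about,
    # since the article's attack path starts with exactly such a .CAB file.
    $cabs = @(Get-ChildItem -Path "$env:SystemRoot\Temp" -Filter '*.cab' -File -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Build                 = $build
        AffectedBuild         = $affectedBuild
        RestorePointCount     = $restorePoints.Count
        EnabledLocalAdmins    = @($enabledLocalAdmins | ForEach-Object { $_.Name })
        ExposedToLpe          = $affectedBuild -and ($restorePoints.Count -gt 0) -and ($enabledLocalAdmins.Count -gt 0)
        CabFilesInWindowsTemp = @($cabs | ForEach-Object { $_.FullName })
    }
}

Test-Cve202124084Exposure | Format-List
```

ExposedToLpe is true only when all three factors line up; a machine that is on an affected build but has no restore points, or whose only administrators are domain accounts with no cached credentials, still leaks files but does not meet the conditions 0patch gave for escalation. The cached-credential variant of the second precondition is not checked here.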